西安电子科技大学学报

• 研究论文 • 上一篇    下一篇

策略半隐藏且支持更新的多机构属性加密方案

闫玺玺1;刘媛1;李子臣2;汤永利1   

  1. (1. 河南理工大学 计算机科学与技术学院,河南 焦作 454003;
    2. 北京印刷学院 信息工程学院,北京 102600)
  • 收稿日期:2017-04-27 出版日期:2018-04-20 发布日期:2018-06-06
  • 通讯作者: 汤永利(1972-),男,教授,博士,E-mail: yltang@hpu.edu.cn
  • 作者简介:闫玺玺(1985-),女,讲师,博士, E-mail:yanxx@hpu.edu.cn.
  • 基金资助:

    国家自然科学基金资助项目(61300216);河南省科技厅资助项目(132102210123);河南省教育厅科研资助项目(16A520013);河南理工大学博士基金资助项目(B2014-044)

Multi-authority attribute-based encryption scheme with policy semi-hidden and dynamic updating

YAN Xixi1;LIU Yuan1;LI Zichen2;TANG Yongli1   

  1. (1. School of Computer Science and Technology, Henan Polytechnic Univ., Jiaozuo 454003, China;
    2. School of Information Engineering, Beijing Institute of Graphic Communication, Beijing 102600, China)
  • Received:2017-04-27 Online:2018-04-20 Published:2018-06-06

摘要:

针对云环境中采用属性基加密机制所引起的隐私泄露和策略更新开销大的问题,提出支持访问策略半隐藏和动态更新的多机构属性基加密方案.该方案采用策略半隐藏方式,将属性分为属性名和属性值两部分,通过对用户的属性值进行隐藏,保护用户的所有属性隐私,避免用户的具体属性值泄露给第三方.另外,方案采用线性秘密共享技术,引入动态策略更新算法,支持与、或、非等任何类型的策略更新,减少传统策略更新中的计算和通信开销.经安全性分析证明,该方案在标准模型下满足选择明文攻击安全.通过与其他方案对比,用户密钥大小、密文大小和解密代价均有所优化,更加适用于云环境中需保护用户隐私及支持策略更新的情况.

关键词: 属性基加密, 多机构, 策略半隐藏, 策略更新

Abstract:

Attribute-Based Encryption (ABE) is a new cryptographic technique which guarantees fine-grained access control of outsourced encrypted data in the cloud. However, privacy revealing and policy updating are the key limitations. Thus, a Multi-Authority attribute-based encryption scheme with policy partially hidden and dynamic updating is proposed. In the scheme, the users' attribute is divided into two parts: the attribute name and the attribute value. The values of the user's attributes are hidden to prevent from revealing to any third parties. In addition, the Linear Secret-Sharing Scheme(LSSS) access structure and policy updating algorithms can support any type of policy updating, and it proves secure against the chosen plaintext attack in the standard model. Compared to the existing related schemes, the size of both users' secret key and ciphertext is reduced, and the lower computing cost makes it more effective in protecting users' attributes and support policy updates.

Key words: attribute based encryption, multi-authority, policy semi-hidden, policy updating